Vulnerabilities of type CWE-916

65 results
CVE-2018-10618 (EPSS 10.1%): Davolink DVW-3200N all version prior to Version 1.00.06. The device generates a weak password hash that is easily cracked, allowing a remote
CVE-2023-33243 (HIGH, EPSS 4.4%): RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the
CVE-2020-14516 (EPSS 4.1%): In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256
CVE-2024-21754 (LOW, EPSS 3.5%): A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all ver
CVE-2024-3183 (HIGH, EPSS 2.0%): Freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force
CVE-2002-1657 (HIGH, EPSS 1.3%): PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute
CVE-2023-0567 (HIGH, EPSS 0.9%): password_verify() always returns true for some invalid hashes
CVE-2021-32519 (CRITICAL, EPSS 0.9%): QSAN Storage Manager, XEVO, SANOS - Use of Password Hash With Insufficient Computational Effort
CVE-2020-14512 (HIGH, EPSS 0.8%): USE OF PASSWORD HASH WITH INSUFFICIENT COMPUTATIONAL EFFORT CWE-916
CVE-2020-14389 (EPSS 0.8%): It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account
CVE-2020-16231 (HIGH, EPSS 0.8%): All Bachmann M1 System Processor Modules - Use of Password Hash with Insufficient Computational Effort
CVE-2014-2354 (EPSS 0.7%): Cogent DataHub Use of Password Hash With Insufficient Computational Effort
CVE-2021-43989 (HIGH, EPSS 0.7%): mySCADA myPRO
CVE-2023-46233 (CRITICAL, EPSS 0.6%): crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
CVE-2020-6780 (MEDIUM, EPSS 0.6%): Password Hash With Insufficient Computational Effort in the Database of Bosch FSM-2500 Server and Bosch FSM-5000 Server
CVE-2022-1235 (HIGH, EPSS 0.5%): Weak secrethash can be brute-forced in livehelperchat/livehelperchat
CVE-2022-47732 (HIGH, EPSS 0.5%): In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing ad
CVE-2021-39182 (HIGH, EPSS 0.5%): Use of Password Hash With Insufficient Computational Effort and Use of a Broken or Risky Cryptographic Algorithm and Reversible One-Way Hash in hashing.py
CVE-2018-15717 (EPSS 0.5%): Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes.
CVE-2023-27580 (HIGH, EPSS 0.5%): CodeIgniter Shield Password Shucking Vulnerability